Privacy Policy

Last updated: July 14, 2026

This Privacy Policy describes how Pendravo LLC (“Pendravo,” “we,” “us,” or “our”) collects, uses, discloses, and protects information in connection with our website, platform, and related services (collectively, the “Services”). It also explains the privacy rights available to you and how to exercise them. By using the Services, you acknowledge that you have read and understood this Policy.

1. Controller and processor roles

For information about visitors to our website and holders of Pendravo accounts, Pendravo acts as a data controller. For content that our customers store and manage within their workspaces (“Customer Data”), Pendravo acts as a data processor, processing that content on the customer’s instructions. If you interact with a workspace operated by one of our customers, that customer is the controller of your information, and you should review their privacy notice.

2. Information we collect

  • Account information. Name, work email, company, role, and authentication data you provide when you register, request access, or are invited to a workspace.
  • Customer Data. Records, files, and other content you or your organization create in the Services. This is controlled by your organization; we process it on their behalf.
  • Contact and lead submissions. Information you send through our contact, sales, and website forms (e.g., name, email, company, message).
  • Billing information. Subscription plan and transaction details. Payment card data is processed by our payment providers; we do not store full card numbers.
  • Usage and device data. IP address, browser and device type, timestamps, pages viewed, and actions taken, collected automatically to operate and secure the Services.
  • Cookies and similar technologies. Used for authentication, preferences, and analytics (see Section 7).

3. How we use information

  • Provide, operate, maintain, and improve the Services.
  • Authenticate users and secure accounts, workspaces, and tenant data.
  • Respond to inquiries, provide customer support, and send administrative and service-related communications.
  • Process transactions and manage subscriptions and billing.
  • Monitor, detect, prevent, and investigate fraud, abuse, and security incidents.
  • Comply with legal obligations and enforce our agreements.
  • With your consent, send marketing communications (which you may opt out of at any time).

4. Legal bases for processing (EEA/UK)

Where the EU or UK GDPR applies, we rely on the following legal bases:

  • Contract. To provide the Services you or your organization have requested.
  • Legitimate interests. To operate, secure, and improve the Services, provided these interests are not overridden by your rights.
  • Consent. For certain marketing and cookies; you may withdraw consent at any time.
  • Legal obligation. To comply with applicable laws and lawful requests.

5. How we share information

We do not sell your personal information. We disclose information only as described below:

  • Service providers / subprocessors. Hosting, database, email delivery, analytics, and payment providers that process data under contract on our behalf. A current list of subprocessors is available on request.
  • Within your organization. Customer Data is accessible to authorized users of your workspace according to your organization’s configuration and roles.
  • Legal and safety. When required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Pendravo, our customers, or others.
  • Business transfers. In connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.

6. Data retention

We retain personal information for as long as your account is active or as needed to provide the Services, and thereafter as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. Customer Data is retained according to the controlling organization’s instructions and may be deleted after account termination, subject to a reasonable grace period and any legal retention requirements.

7. Cookies and similar technologies

We use the following categories of cookies. You can control cookies through your browser settings; disabling some cookies may affect functionality.

CategoryPurposeDuration
Strictly necessaryAuthentication, session management, and security. Required for the Services to function.Session / up to 12 hours
PreferencesRemember settings and choices to improve your experience.Up to 12 months
AnalyticsUnderstand aggregate usage to improve the Services. Set only where permitted.Up to 24 months

8. Data security

We implement technical and organizational measures designed to protect information, including encryption in transit, access controls, per-tenant data isolation, and hashing of credentials. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. International data transfers

We are based in the United States and may process and store information in the United States and other countries. Where we transfer personal information from the EEA, UK, or Switzerland, we use appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and the UK Addendum), or another lawful transfer mechanism.

10. Your privacy rights

EEA / UK (GDPR). Subject to applicable law, you may have the right to:

  • Access, correct, or delete your personal information.
  • Restrict or object to certain processing.
  • Data portability.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with your local supervisory authority.

California (CCPA/CPRA). If you are a California resident, you may have the right to:

  • Know the categories and specific pieces of personal information we collect, use, and disclose.
  • Request deletion of your personal information.
  • Correct inaccurate personal information.
  • Opt out of the “sale” or “sharing” of personal information, and limit the use of sensitive personal information.
  • Not be discriminated against for exercising your rights.

We do not sell or share your personal information as those terms are defined under the CCPA/CPRA, and we do not knowingly process sensitive personal information for purposes requiring an opt-out.

Where we process Customer Data on behalf of an organization, please direct rights requests to that organization; we will assist them as their processor. To exercise rights for information we control, contact us at privacy@pendravo.com. We will verify your request and respond within the timeframes required by law. You may use an authorized agent where permitted.

11. Children’s privacy

The Services are not directed to children under 16, and we do not knowingly collect their personal information. If you believe a child has provided us personal information, please contact us and we will take appropriate steps to delete it.

12. Third-party links

The Services may link to third-party websites or services that we do not control. This Policy does not apply to those third parties, and we encourage you to review their privacy notices.

13. Changes to this Policy

We may update this Policy from time to time. We will post the updated version with a new “Last updated” date and, where required, provide additional notice. Your continued use of the Services after changes take effect constitutes acceptance of the updated Policy.

14. Contact us

If you have questions or requests regarding this Policy or your personal information, contact us at:

Pendravo LLC
148 E Milwaukee St #1128
Jefferson, WI 53549, USA
Privacy: privacy@pendravo.com